Date:   Mon, 18 Mar 2019 23:06:41 -0700
From:   Dan Williams <dan.j.williams@...el.com>
To:     keyrings@...r.kernel.org
Cc:     Mimi Zohar <zohar@...ux.ibm.com>, linux-integrity@...r.kernel.org,
        vishal.l.verma@...el.com, linux-nvdimm@...ts.01.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 5/6] security/integrity/evm: Drop direct dependency on
 key_type_encrypted

Lookup the key type by name and protect evm from encrypted_keys.ko
module load failures.

Cc: Mimi Zohar <zohar@...ux.ibm.com>
Cc: <linux-integrity@...r.kernel.org>
Signed-off-by: Dan Williams <dan.j.williams@...el.com>
---
 security/integrity/evm/evm_crypto.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index c37d08118af5..5c65c3aef427 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -354,10 +354,15 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
 int evm_init_key(void)
 {
 	struct key *evm_key;
+	struct key_type *type;
 	struct encrypted_key_payload *ekp;
 	int rc;
 
-	evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
+	type = key_type_lookup("encrypted");
+	if (IS_ERR(type))
+		return PTR_ERR(type);
+
+	evm_key = request_key(type, EVMKEY, NULL);
 	if (IS_ERR(evm_key))
 		return -ENOENT;
 
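Review bot: in evm_init_key(), the type returned by key_type_lookup("encrypted") is never released in the lines shown. key_type_lookup() returns with key_types_sem held for read on success, so every exit after the lookup, including the `return -ENOENT` right after request_key(), needs a matching key_type_put(type). Separately, the new early exit returns PTR_ERR(type) while the request_key() failure is normalized to -ENOENT, so callers now see a second error code for what is effectively "no EVM key available"; either return -ENOENT here as well or document the difference.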
@@ -372,3 +377,5 @@ int evm_init_key(void)
 	key_put(evm_key);
 	return rc;
 }
+
+MODULE_SOFTDEP("pre: encrypted_keys");
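Review bot: the MODULE_SOFTDEP("pre: encrypted_keys") line at the end of the file carries no comment explaining why it is there, and it is only a load-order hint consumed by modprobe, not a guarantee that the "encrypted" type is registered by the time evm_init_key() runs. A one-line comment tying it to the key_type_lookup("encrypted") call would help, noting that the lookup's error return is what actually handles the absent-module case. It is also worth confirming that this file can be built as a module, since the hint is not acted on otherwise.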
